Featured reads
Security Research
Security research and analysis with Netlas.io
white paper
Fast one-shot passive recon script with Netlas.io
blog post
How to find online cameras with Netlas.io?
blog post
Threat hunting
Non-intrusive security assessment
OSINT investigations
Reputation scoring
Security analysis
Security of IoT and Industrial devices
Vulnerable devices search
Uncover shadow IT and phishing threats
Attack surface identification
3-4 times per year
Please, sign in to manage newsletter subscription
Important updates, sales and promos
1-2 posts per week
Newest CVE, featured search queries
updates and announcements
Swagger UI
Handy web tool for testing Netlas API
Official Python SDK and command line utility
Netlas SDK
Netlas Blog
In-depth features overview & case studies
Netlas Cookbook
An ultimate guide on how to make the most of Netlas.io
Scripts & Code Samples
Useful scripts to create you own automations
Featured queries
Search queries for IoT, routers, IP cameras & more
Netlas usage, API specification, SDK & CLI installation
Restricted mobile device support
For a better experience please use screens with a horizontal resolution of 1280 pixels or more
Reconnaissance, security assessment, security research,
and other cases
dev tools,
code samples,
and other resources

Restricted mobile device support
For a better experience please use screens with a horizontal resolution of 1280 pixels or more
Netlas For security analysis

Uncover shadow IT and phishing threats using Netlas.io

Even minor changes to the attack surface can cause a breach. Detecting such unauthorized changes is a critical process.
The term "Shadow IT" generally refers to those parts of the attack surface that are not taken into account by security subdivision. Such elements can be risky, as attacks on them may go unnoticed initially.

Search for domains in other zones

Similar domains, such as netlas.io and netlas.am, may arise in different situations, such as the opening of a regional branch of a company or some experiments. Attackers can also register domains in neighboring zones in order to mislead someone, for example, using email. Using the search syntax features of the Netlas search engine, you can find such domains and determine whether they belong to a known part of the infrastructure or fall under Shadow IT.

Search for third-level domains

Search for third-level domains can help identify services used by company employees. Cloud services such as CRM, collaborative organization services, and others often create a workspace for their clients using third-level domains. For example, netlas.cloud-service.com. Using Netlas DNS search tool is an effective way to identify such cases.

Search for similar domains

Phishing resources are oftenly hosted using similar spelling domain names. You can uncover such resources using Netlas fuzzy search feature. Use ~1 or ~2 operator to query domains that differ by 1 or 2 characters, respectively.

Content analysis

The content of a website sometimes refers to the branding content of another resource rather than being stored directly. For example, this could be the company's logo. Netlas responses search tool allows for the detection of such references. You can filter or group responses to find suspicious content usage.

Search for phishing web resources

These same heuristics can be utilized in the search for phishing sites. The challenge lies in the fact that it is quite difficult to distinguish resources falling into the category of Shadow IT from phishing resources without human intervention. Technically, the data of a phishing website often duplicates the data of one of the legitimate sites of a company.

There are numerous other methods for finding phishing sites and Shadow IT using Netlas.io. You can employ fuzzy searching, identifying domain names similar to a specified one, or verify certificates if they suspect a site is mimicking an original resource. Sometimes, positive results are achieved through searching for similar favicons.
Get your free Netlas.io account!
Sign up to get up to 50 requests/day for free.
Related articles